I'll +1 this request.
Logging in to our account should satisfy security needs. Our account login should be https and that should suffice for the web app connection.
After we login, a link on our account page beside each device to open it in the web app would be handy.
I have worked as a security consultant. Most "security" people are too "absolute" on enforcement, and most developers want to "zero rate" security.
The reality for security is a balance. You cannot ADD or INCREASE security without DECREASING or WORSENING "ease of use" or "productivity".
Security has to be balanced. It has to defeat 80-90% of any real threats, but not destroy productivity or ease of use.
If you need to implement security that makes using your system or service really hard or difficult you have actually defeated the purpose of whatever service you have.
Now, while my home network does not have anything of value on it. I take a dim view of the spam-ware company in Europe that HACKED my DNS server setting in my modem!
And NOBODY can tell me how they did it. Was it uPNP? From outside? Inside? Maybe the ISP-loved remote management system has a flaw?
Nobody can tell me. This is why I turned OFF uPNP. Its does not seem possible to turn off the remote management protocol in my modem.
I turned uPNP back on temporarily to shake down my new Tablo. But as soon as its stable and I understand its needs, uPNP gets switched OFF. I'll add the port forwards manually. Unless the uPNP created ones stick...